Konstantinos Agouros wrote:

> I guess (if I remember correctly) the PKCS7 and the CRL-stuff will be most
> important.
> First of all I will do a little cgi-debugging, to see, what the router
> is actually sending. If I understood the Cisco implementation correctly,

Some time ago I read something about the CISCO SCEP and, if I can remember
correctly, it does a PKCS#10 request.... but I am not sure...

> one needs a way to retrieve a ca-certificate (there aren't so many ways to
> do this :), to retrieve a crl via ldap (is there a standard-way for this)
> and to start a certificate request and retrieve the signed certificate.
> These are all things that OpenCA can do already; one (I guess that's me :)
> just has to find out how a cisco-router does this.

Yes, anyway some modifications are needed - I suppose - to allow such requests
to be processed correctly. About CRLs, I think there are differences if we
store them in LDAP v2 or v3 - actually OpenLDAP, I think, supports the v2
protocol and, if the router supports it, the actual attribute in which to store
a CRL is certificateRevocationList;binary - DER formatted. To be checked.

C'you,

        Massimiliano Pala ([EMAIL PROTECTED])
